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ABSTRACT 



A system and method is disclosed for performing centralized 
billing for transactions conducted by a user on a terminal 
(101) connected on an Intranet (103) with an Internet 
Service Provider (ISP) (115) connected to the Internet (104). 
A Firewall Gateway (105) interconnects the Intranet and the 
Internet and removes the terminal's IP address from packets 
transmitted by the user's terminal to the ISP on the Internet. 
A Session Manager (116) stores in a database (117) the 
associations between the IP address of the user's terminal 
and the user's identity, and between the IP address and the 
Connection ID of the connection established between the 
Firewall Gateway and the ISP for an ongoing transaction 
between the user and the ISP. A Billing Platform (120) 
receives a signal indicating the cost of the transaction and 
the Connection ID associated with the transaction from the 
ISP. The Billing Platform then accesses the database (117) of 
the Session Manager to determine the identity of the user 
from the Connection ID and an account of the identified user 
is retrieved in a database (127) associated with the Billing 
Platform. The account is then billed, for the cost of the 
transaction and forwarded to a billing entity (130-1-130-5) 
for billing to the user in accordance with the user's pre- 
established billing mechanism. 

16 Claims, 3 Drawing Sheets 
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FIG. 2 
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MANAGER OF USER'S IP ADDRESS AND 
CORRESPONDING USER ID 



202 



203 



USER STARTS A BROWSER CLIENT 
APPLICATION AND RECEIVES THE FIRST WEB 
PAGE (CORPORATE P ROXY IS SELECTED) 



USER'S TERMINAL CONNECTS TO USER'S 
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FIREWALL REMOVES THE USER'S 
IP ADDRESS FROM THE HTTP 

MESSAGE AND TRANSMITS HTTP 
MESSAGE TO THE MERCHANTS ISP 
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TRANSACTION BY SENDING 
THE CONNECTION ID 
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FIG. 3 
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SYSTEM AND METHOD FOR BILLING FOR 
TRANSACTIONS CONDUCTED OVER THE 
INTERNET FROM WITHIN AN INTRANET 

TECHNICAL FIELD 

This invention relates to a system and method of billing 
for information, interactive services, software, or tangible or 
intangible goods transacted for or provided over the Internet. 

BACKGROUND OF THE INVENTION 

The Internet today has become the gateway for connected 
users to access a plethora of information and interactive 
services. In addition, the Internet can provide users a mecha- 
nism for ordering various goods and services, including 
theater/concert tickets and merchandise, that will later be 
delivered by conventional transport means, and for ordering 
and receiving non-tangible goods that can be delivered in 
digital format directly over the Internet coincident with the 
transaction. Example of the latter may include software, 
music, video, and even electronic cash. 

Billing for information and/or interactive services pro- 
vided over the Internet, and for services or tangible or 
intangible goods ordered over the Internet and provided 
conventionally, or intangible goods delivered over the 
Internet, which are provided from a plurality of different 
sources, requires the user to establish a financial relationship 
with each of the many different merchant Internet Service 
Providers (ISPs). In many instances, the relationship may be 
very fleeting if the user only wants to access information or 
an interactive service or order merchandise from an ISP once 
or twice, or only on a very occasional basis. Establishing 
such a relationship with a multitude of different merchant 
ISPs is inconvenient and will generally require furnishing 
the ISP with some type of payment mechanism, such as 
supplying a credit card number, in order for the information, 
service, and/or goods to be provided via the Internet or other 
transport mechanism. In view of the non-secure nature of the 
Internet, users generally do not wish to provide their credit 
card number to an ISP unless it can be done in a secure 
fashion. 

In co-pending patent application, Ser. No. 08/636,109, 
filed Apr. 22, 1996, which is incorporated herein by 
reference, a method for billing a user for transactions 
conducted over the Internet is disclosed. As disclosed 
therein, transactions are billed to a user by associating a 
user's identity with the IP address of the user's terminal that 
has been assigned to that terminal generally by an Internet 
Access Provider for a user's session on the Internet. A billing 
platform, connected on the Internet, is then provided with 
the relationship between the user's identity and the IP 
address assigned to the user's terminal for the session. In 
response to a message from the merchant ISP that includes 
the IP address of the terminal conducting the transaction and 
the cost of the transaction, the billing platform adds the 
charges for the transaction to an account associated with the 
user. Such charges are then paid in accordance with a billing 
mechanism previously established between the user and the 
billing platform, such as to the user's bank credit card, debit 
account, merchant credit card, or telephone account. 

When the user's terminal is connected within an Intranet, 
i.e., a local private data network managed by a corporation 
or other business or educational organization, all data pack- 
ets passed between the Intranet and the Internet are first 
passed through a Firewall Gateway that controls the flow of 
information between the public Internet and the local private 
Intranet. Such a Firewall Gateway removes the user's IP 



£,267 
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address from each packet and instead conveys its own IP 
address as the source of each packet transmitted onto the 
public Internet. The Firewall Gateway directs the packets in 
the return message from the Internet to the proper terminal 

5 on the Intranet using a globally unambiguous connection 
identifier (Connection ID) within each packet to associate 
each packet to the proper IP address. Such Connection ID 
includes the following four parameters: the IP address of the 
ISP to which connection is made and the port number at that 

10 ISP for that connection, and the IP address of the Firewall 
Gateway and the port number at the Firewall Gateway for 
that connection. 

To the world on the Internet outside the Intranet, the IP 
address of the Firewall Gateway rather than the IP address 

15 of the user's terminal appears as the source address from 
which all packets from these user's terminals on the Intranet 
originate and the destination address to which packets from 
merchant ISPs on the Internet to these terminals are directed. 
The IP address recognized by a merchant ISP in a request 

20 from a user's terminal on an Intranet therefore cannot be 
directly and automatically associated with a user's identity 
for billing purposes as is done in accordance with the 
aforenoted co-pending patent application. 

25 SUMMARY OF THE INVENTION 

In accordance with the present invention, billing for 
transactions conducted by a user through a terminal con- 
nected on a private Intranet with an ISP on the Internet is 
effected by using a the Connection ID to identify the 

30 particular connection established between the Firewall Gale- 
way and the particular merchant ISP, which is providing 
over Intranet and Internet connections the information or 
services requested by the user, or is the receptor of the user's 
order for tangible or intangible goods. The relationship 

35 between this Connection ID and the IP address is transmitted 
to and received and stored by a Session Manager connected 
within the private Intranet network. This same Session 
Manager also receives and stores the relationship between 
the user's terminal IP address and the user's identity, which 

40 is provided to the Session Manager when the user initiates 
a connection on the Intranet. When the user attempts to 
conduct a transaction with a merchant ISP on the public 
Internet, a Billing Platform is queried by the merchant ISP 
before the transaction is effected. The Billing Platform, in 

45 turn, using the Connection ID associated with the particular 
connection over which the request for service, information, 
etc. is being made, queries the Session Manager. The Ses- 
sion Manger thereupon translates that Connection ID to a 
corresponding IP address which, in turn, is translated into a 

50 user's ID from which the user's account is accessed at the 
Billing Platform. Once that user's account is accessed, 
authorization to proceed with the transaction is transmitted 
to the merchant ISP, which then completes the transaction 
with the requesting user. At the conclusion of the 

55 transaction, the billing information is provided from the 
merchant ISP back to the Billing Platform, which bills the 
user's account in accordance with a predetermined billing 
mechanism previously established by the user and deter- 
mined by the Billing Platform in accordance with one or 

60 more parameters associated with the transaction. These 
parameters can include the amount of the transaction, the 
type of transaction, and/or the identity of the merchant ISP. 
Accordingly, the user's bank credit card, the user's debit 
card, the user's telephone account, the user's merchant 

65 credit card associated with the merchant ISP, or any other 
preselected billing mechanism is used to bill the user for the 
cost of the transaction. 
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In the disclosed embodiment of the present invention, the from destinations on the Intranet 103 or Internet 104 in 

Billing Platform includes both a Transaction Server and a accordance with the destination address in each packet. 

Billing Server. The Transaction Server interacts with the Server 109 is also connected to database 107, which stores 

merchant ISP that is providing information and/or services as detailed above, the relationship between the IP address 

to the user and records the charges associated with all those 5 assigned to terminal 108 and the user identity, 

transactions associated with a particular IP address- In order to access the Internet 104 from within the InUanet 

Connection ID relationship. At the conclusion of all such 1«3 environment, all packet traffic first flows through a Web 

transactions conducted over that same Connection ID, the Proxy connected to the Intranet, such as Web Proxy 111. 

Transaction Server sends all transaction information for the Only those packets passing through designated web proxies 

associated user to the Billing Server, which then bills the 10 ™ W«> °y Gatewa V 105 .f° r ^mission 

user's various accounts in accordance with the previously outside the Intranet. A browser menu wi hin the Internet 

t ur,t^ u-ir„„ mfl ,u n ; rm navigation software installed on each user s terminal, such 

established billing mechanism. 45 . , . M , , . . , 

as terminal 101, thus specifies the particular web proxy on 

BRIEF DESCRIPTION OF THE DRAWINGS Intranet 103 to which packets to and from that terminal need 

s flow if such packets are intended for transmission onto or off 

FIG. 1 is a block diagram showing the network elements of {h& ln{QrnQX 104 resp e C tively. The web proxy in turn 

for providing the centralized billing functionality of the forwards all outgoing packets to the Firewall Gateway 105, 

present invention for transactions conducted by a user fof transmissioD onlo the i nleraet 104. Before being for- 

located within an Intranet that is connected to the Internet wafded tQ lQe Gateway 105) boW ever, a web proxy may 

through a Firewall Gateway; poim to another web pr0XV) such as 112j which forwards all 

FIGS. 2 and 3 together show a flow chart that illustrates Internet-destined packets to the Firewall Gateway 105. 

steps for effecting billing to an account associated with such ^ noted> Firewall Gateway 105 acts as the agent for all 

a user on an Intranet for a transaction conducted by the user terminals connected through the Intranet to the Internet. It 

on the Internet. functions to terminate the connection with the user's termi- 

nPTAiTFn nP^rRTPTTON 25 nal 101, open a new connection with an ISP, such as ISP U5, 

um/ULtu ucauurnun ^ which ^ ^ intends tQ commuoicale> and passcs 

With reference to FIG. 1 a user's terminal 101 is con- information between processes while monitoring those 

nected to a Local Area Network (LAN) 102 over which packets passing there through according to pre-formulated 

packets of data are transmitted to other terminals on the gateway rules. Thus, Firewall Gateway 105 may function to 

same LAN, or to terminals on other LANS through a 30 prevent users on Intranet 103 from gaining access to certain 

localized corporation's or educational institute's Intranet sites by screening the destination IP addresses of outgoing 

103. Such packets may also be transmitted through the packets. The gateway may also screen incoming traffic to 
Intranet 103 to the public Internet 104 through a Firewall prevent certain types information from reaching the users 
Gateway 105. As will be described, Firewall Gateway 105 connected to the Intranet. Corporations typically use fire- 
acts as an agent for all transactions conducted by all the 35 walls to prevent outsiders on the Internet from accessing 
terminals connected on Intranet 103 to Internet Service information on internal server sites, and to prevent employ- 
Providers (ISPs) on the outside world connected on the ees from accessing certain sites, such as ISPs that provide 
Internet 104, such as ISP 115. Such ISPs provide informa- sexually -oriented material. 

tion and/or interactive services, or may be the interface When Firewall Gateway 105 creates a process with any 

through which software, music or electronic cash can be ^ ISP, the connection is identified by the Connection ID, 

downloaded to the user, tickets ordered, or other merchan- which consists of the IP address of the source, a port number 

dise ordered that upon completion of the on-line transaction 0 f the source, the IP address of the destination, and the port 

is later delivered by mail or other means. number of the destination, which Connection ID is incor- 

A LAN Manager 106, connected to LAN 102, routes porated in each packet transmitted to the ISP. When ISP 115 

those packets originating from or destined to terminal 101 to 45 receives a packet initiating a process, it responds back to the 

and from other terminals connected to Intranet 103 or IP address of Firewall Gateway 105 on the same connection. 

Internet 104, or to and from an ISP connected on the Internet The Firewall Gateway 105, from the Connection ID con- 

104, such as ISP 115. The LAN Manager 106 assigns an ID tained within each packet, associates the responsive packets 
to terminal 101 when the user fic§t connects the terminal to with the IP address of the user's terminal and forwards the 
LAN 102. This ID is an IP (Internet Protocol) address, which so responsive packets back to user terminal 101. At the end of 
may be assigned dynamically each time terminal 101 is a process between a user and an ISP, the Connection ID 
turned on for connection to the network, or may be assigned associated with that process is released and made available 
a static value that remains associated with that terminal as for use by another user's terminal. ISP 115 therefore is 
long as that terminal remains physically connected to LAN unable to directly associate the process with either a user's 
102. Data base 107 serves to store the static or dynamically 55 ID, or with the user's terminal IP address since the only IP 
assigned IP addresses of all such connected terminals, the address presented to it is the IP address of the Firewall 
IDs of the users associated with the IP addresses, and the Gateway 105 contained within the Connection ID. 
passwords associated with the user IDs that must be used in Furthermore, Firewall Gateway 105 does not in fact "know" 
order for a user to gain access through Manager 106 to the the identity of the user with whom it is communicating, but 
Intranet 103. 60 only the user's terminal IP address, which may have been 

A user at a terminal 108 located off the corporate or assigned to the terminal for use only during a current 
educational facility premises can also be connected to the session. * 
Intranet 103 through the switched telephone network (not In accordance with the invention, a Session Manager 116 
shown) using a dial-up modem (not shown) that is internal and associated database 117 are connected to the Intranet 
or external to terminal 108, to access a Remote Access 65 103. Session Manager 116 collects from all the LAN Man- 
Dial-up Server 109. Server 109 assigns an IP address to agers connected to Intranet 103 for each user currently on 
terminal 108 and routes packets through Intranet 103 to and the system, the relationship between the IP address assigned 
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to the user's terminal and the user's ID. Further, Session 
Manager 116 receives from Firewall Gateway 105 the 
relationship between the IP address and the associated 
Connection ID for all ongoing processes through the Fire- 
wall. Session Manager 116 is thus continually collecting and 
storing in database 117 the current relationships between 
Connection IDs and IP addresses, and between IP addresses 
and user IDs. Session Manager therefore is able to directly 
translate the Connection ID for an ongoing process into the 
identity of the user initiating the process. 

As one user terminates a process with an ISP, another user 
on Intranet 103 with a different IP address may access that 
same ISP. The Connection ID associated with the process 
with the second user may thus be identical to the Connection 
ID associated with the first user. Thus, as the new relation- 
ship between the Connection ID and the user IP address is 
conveyed to the Session Manager 116, the previous asso- 
ciation between the first user's ID and the same Connection 
ID is automatically canceled. 

When the user at terminal 101 is connected through 
Firewall Gateway 105 to a merchant ISP 115 for purposes of 
obtaining information and/or services, or conducting any 
type of transaction for which a cost is associated, such as the 
purchase of tangible or intangible goods, the ISP before 
delivering the information, services or goods, or authorizing 
the delivery of such information, services or goods, obtains 
credit approval from the Billing Platform 120 connected to 
Internet 104. Although illustrated in this embodiment as 
being connected on the Internet 104, the Billing Platform 
could be connected on the Intranet 103, or any other Intranet. 
In such a case, the Firewall Gateway associated with the 
Intranet would need to be arranged to permit access to the 
Billing Platform from merchant ISPs located on the Internet. 
A^Transaction Server ;12l£and its associated database 122 
within Billing Platform 120 are thus contacted by ISP 115 
via secured Internet connections 123 and 124 or via a direct 
private link 125. Such secured links are noted in FIG. 1 as 
having thicker lead lines. TheWrarjsacyon^Server^lSl^is 
provided with the Connection ID that identifies the IP 
address and port number assigned for the present instance of 40 
communication by the merchant ISP 115 and the IP address 
and port number assigned for this presentJnstance_o^com- 
munication by Firewall Gateway 105. #^3itibnrTra£sa3 
tioj^SetY^r^lfeis: provid e 

transactionf/suehMas^to 45 
involved . TransaetiQn t ser^er 131 - ,then queries Session Man- 
ager. 116 over^the^Internet :and£lntranet jo^translate_that 
^gojuie^^ 
Server^l2lFon^ 

contacts^the^BiUingL Server^l26-to determinenwhetherahat 
user- is^n^authorize d ..use r toi-wfaom -transactions-can-be 
authbfized^d^biUed^^ 

database^27^to-ascertain- whether "a billing mechimsm^has 
pre viously^teen :e^s^^ 
^biUmg mechanising $stab- 
Ifehtd^t^ 

yin^a^tM^ ^a^nsac^o n - Sej^gg 

fl^lrlwh^ 

la aMiiml^S a 
rcentrauz^Iouim^ 60 
^stal} Ushm g^s^hrgbilling mechimsmjjhe^user provide^ms 
or her selected cho ic&s^r^ 

C^_J5 ^^^fi^(cte^iircard, an account associated with a telephone 

number, or a debit account to be billed. In addition, the user 65 
may specify that certain transactions, depending upon the 
type of transaction, be billed in a specific manner. Thus, the 
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20 



25 



30 
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user may want all transactions involving purchases from a 
specified retailer to be billed to that retailer's own credit 
card, and other purchases to be billed to a bank credit card, 
such as MasterCard or VISA. Charges for transactions of a 
certain type for less than a predetermined amount may be 
designated for billing to an identified telephone account 
associated with the user. Charges for transactions for greater 
than some other predetermined amount may be designated 
for billing to an identified debit account. 
After the user interacts^wjU 



rrarip^^^f^Elllj to 
eslaJkpy^ 

l&passes the mfqnnatip 

on database 127. MUmg~Se~rvef^ll26 thus has stored on 
database 127 for each user who is currently engaged in a 
transaction and who has arranged for such centralized billing 
functionality, a record that includes the parameters of billing 
and the billing choice. Table 1 shows an example of such a 
record. 



55 



TABLE 1 


User ID 


Parameters 


Billing Choice 


Jo ho Smith 


tangible goods s $40.00 


Chase Debit Account 


smith. 1234 




987-654-321 




tangible goods > $40.00 


MasterCard Account 






123-456-7890 




information services 


Telephone Account 






201-555-1234 




all purchases from Sears 


Sears Account 




444-333-777 




software 


VISA Account 






999-222-666 



The Billing Server 126 also stores in database 127 for 
each user a record that includes information for each trans- 
action charged to that user's account. Table 2 shows an 
example of the type of transaction-oriented information 
stored in database 127 for each transaction associated with 
an identified user. 



TABLE 2 



50 



User ID - smith. 1234 

date of transaction - 041596 

ISP accessed - Dow Jones 

Service used - stock report 

account billed - telephone number 201-555-1234 

charge - $.50 

date of transaction - 041696 

ISP accessed - Microsoft 

Service used - download software 

account billed - VISA Account 999-222-666 

charge - $25.00 



Assuming that the user at terminal 101 has established a 
billing mechanism that is resident on database 127 of Billing 
Server 126, and is authorized to charge for further 
transactions, then Billing Server 126 signals Transaction 
Server 121, which in turn opens a record in database 122 to 
record all transactions associated with that user on the 
Connection ID of the present instance of communication 
between the user 101 and the merchant ISP 115. Thus, once 
the Billing Server 126 affirms the user at terminal 101 as an 
authorized user who has pre-established a billing 
mechanism, Transaction Server 121 is signaled and, in turn, 
a message is sent to merchant ISP 115 authorizing the 
transaction. At the conclusion of each transaction with ISP 
115, such as the provision of information and/or services, the 
delivery of intangible goods over the Internet, or the pur- 
chase of intangible or tangible goods for later delivery, ISP 
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115 sends a message bade to Transaction Server 121 indi- the transaction is being made. At step 209, the Transaction 
eating the cost associated with the transaction and the details Server queries the Session Manager to translate the Con- 
of the transaction. Transaction Server 121 therefore main- nection ID provided to it by the Transaction Server with a 
tains a record in its database 122 for each transaction user ID. At step 210, the Transaction Server receives a 
conducted by the user with ISP 115. 5 response from the Session Manager that associates the 
During a session the user at terminal 101 may in fact Connection ID with a user ID and the Transaction Server 
conduct many chargeable transactions with a plurality of checks the Billing Server to determine whether that user has 
different ISPs, each being conducted over connections iden- established a billing mechanism, and that that user has not 
tified by different Connection IDs. For each such exceeded any credit limits that might have been imposed 
transaction, Session Manager 116 provides the association 10 with that user's account. It the user is authorized to proceed 
between the present Connection ID and the user ID to with the transaction by the Billing Manager, that information 
Transaction Server 121, which associates the charges for is forwarded to the Transaction Manager and, at step 211, 
each transaction with the that same user at terminal 101. authorization to proceed with the transaction is forwarded to 
Database 122 therefore accumulates and aggregates the the merchant ISP. At step 212, in response to an authoriza- 
transactions associated with a plurality of different users. In 15 tion from the Transaction Server, the merchant ISP provides 
some periodic manner, such as once each hour or once a day, the requested information and/or services, or enters the order 
or some fraction or multiple of either, Transaction Server placed by the user. At step 213, the merchant ISP forwards 
121 provides to Billing Server 126 all the accumulated a bill to the Transaction Server indicating the cost of the 
billing information for those users who have engaged in transaction, the type of transaction, and the Connection ID 
chargeable transactions within that interval. Such billing 2 o associated with the transaction. The Transaction Server 
information includes the charges and associated transaction receives the information for that transaction for that Con- 
information required by Billing Server 126 to properly bill nection ID, associates it with a user ID, and combines it with 
each user in accordance with that user's pre-established information for other transactions associated with that user 
billing mechanism. Billing Server 126 thereby associates ID. At step 214, at some time thereafter, the Transaction 
each transaction for billing in accordance with the associated 2 5 Server forwards all the transactions associated with that user 
user's the billing mechanism, such as that illustrated in Table ID to the Billing Server, which bills those possibly different 

1 above. Each of the user's transactions is then recorded and accounts associated with the user in accordance with the 
stored in database 127, as shown in Table 2, above. The billing mechanisms pre-established by the user for each type 
appropriate accounts in the various billing entities, 130- of transaction. 

1-130-5, of VISA, MasterCard, etc., are then charged 30 Although described hereinabove in connection with the 

accordingly by means of messages transmitted over private billing for transactions conducted between a terminal 

facilities 131-1-131-5, or other transmission facilities, located on an Intranet and an ISP located on the Internet, the 

between the Billing Server 126 and these entities. present invention could be applied to the billing for trans- 

The functions performed within the Billing Platform 120, actions conducted over any type of network in which the 

as described above, could be distributed between the Trans- 35 connection to the provider is not associated with an address 

action Server 121 and Billing Server 126, or other servers, that identifies the user's terminal, but which is associated 

in a manner different than described above. Also, although with only by some type of connection identifier that 

described in conjunction with a separate Transaction Server uniquely identifies the connection to the provider. In such an 

121 and Billing Server 126 that each have associated application the relationship between the connection identi- 

databases, the present invention could be implemented with 40 fier and the address are stored together with the relationship 

a single server and associated database in which each between the terminal address and the identity of the user 

transaction is billed to a user's account in accordance with using the terminal. These stored relationships are retrieved 

the user's billing mechanism. to determine the identity of the user in response to a received 

The steps of the present invention are illustrated in FIGS. billing signal that associates the cost for a transaction with 

2 and 3. At step 201, the user initiates a connection to the 45 the connection identifier. That user's account is then billed 
network. At step 202, the LAN Manager assigns an IP for the cost of the transaction. 

address to the user's terminal. The LAN Manager then The above-described embodiments are illustrative of the 

notifies the Session Manager of the IP address assigned to principles of the present invention. Other embodiments 

the user's terminal and the associated user ID, at step 203. could be devised by those skilled in the art without departing 

At step 204, the user starts a browser client application and so from the spirit and scope of the present invention, 

receives the first web page. A corporate web proxy is The invention claimed is: 

selected in accordance with a configuration set-up by the 1. A method of billing an account associated with a user's 

user in the application. At step 205, the user's terminal is identity for a cost of a transaction conducted between a user 

connected to the web proxy, that in turn is connected to the through a terminal connected to an Intranet with a merchant 

corporate Firewall Gateway. At step 206, the Firewall Gate- 55 which provides goods and/or services through an Internet 

way removes the user's IP address from the HTTP message Service Provider (ISP) which is connected on the Internet, 

destined to a merchant ISP and transmits the HTTP message the terminal being assigned an Internet Protocol (IP) address 

to that ISP. The Firewall Gateway then sends, at step 207, a that is included in packets transmitted by the terminal, the IP 

message to the Session Manager that includes the Connec- address being removed by a Firewall Gateway that inter- 

tion ID of the connection between the Firewall Gateway and 60 connects the Intranet and the Internet from packets trans- 

the merchant ISP together with the corresponding IP address mitted from the terminal onto a connection on the Internet 

of the user's terminal. This Connection ID includes the IP established between the Firewall Gateway to the provider, 

address of the Firewall Gateway and the port at the Firewall the connection being identifiable by a Connection ID that 

Gateway, and the IP address of the merchant ISP and the port unambiguously identifies the connection, the connection ID 

at the merchant ISP. At step 208, the merchant ISP queries 65 comprising IP addresses and port numbers associated with 

the Transaction Server to authorize the intended transaction each end of the connection, the method comprising the steps 

by forwarding the Connection ID over which the request for of: 
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receiving a signal that associates the user's identity with 
the IP address assigned to the terminal; 

receiving a signal that associates the Connection ID with 
the assigned IP address; 

storing the associations between the assigned IP address 5 
and the user's identity and between the Connection ID 
and the assigned IP address; 

receiving a billing signal that associates the cost of the 
transaction identifier with the Connection ID; 1Q 

using the connection ID associated with the billing signal, 
determining the user's identity from the stored asso- 
ciations between the Connection ID and the assigned IP 
address, and between the assigned IP address and the 
user's identity; is 

billing the account associated with the user's identity for 
the cost of the transaction. 

2. The method of claim 1 wherein the transaction involves 
providing the user with an interactive service. 

3. The method of claim 1 wherein the transaction involves 20 
ordering and receiving an intangible good in digital format 
by the user's terminal from the ISP on the Internet. 

4. The method of claim 3 wherein the intangible good is 
software. 

5. The method of claim 1 further comprising the step of 25 
transmitting the cost of the transaction billed to the account 
associated with the user's identity to a billing entity for 
billing to the user in accordance with a billing mechanism 
established by the user. 

6. The method of claim 5 wherein the billing entity is 30 
determined by the billing mechanism in accordance with the 
cost of the transaction. 

7. The method of claim 5 wherein the billing entity is 
determined by the billing mechanism in accordance with the 
type of transaction. 35 

8. The method of claim 5 wherein the billing entity is 
determined by the billing mechanism in accordance with the 
identity of the ISP. 

9. The method of claim 5 wherein the billing entity is 
determined as a function of the cost of the transaction, the 40 
type of transaction, and the identity of the ISP. 

10. The method of claim 1 wherein after the step of 
determining the user's identity, the method further com- 
prises the steps of: 

determining whether an account has been established by 45 
the user for billing for transactions conducted on the 
network; and 
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authorizing the transaction with the provider if an account 
has been established. 

11. A system for billing an account associated with a 
user's identity for a cost of a transaction conducted between 
a user at a terminal connected to an Intranet with a merchant 
which provides goods and/or services through an Internet 
Service Provider (ISP) which is connected on the Internet, 
the terminal being assigned an Internet Protocol (IP) address 
that is included in packets transmitted by the terminal, the IP 
address being removed by a Firewall Gateway that inter- 
connects the Intranet and the Internet from packets trans- 
mitted from the terminal onto a connection on the Internet 
established between the Firewall Gateway to the provider, 
the connection being identifiable by a Connection ID that 
unambiguously identifies the connection, the connection ID 
comprising IP addresses and port numbers associated with 
each end of the connection, the system comprising: 

a manager comprising a server and a database for receiv- 
ing and storing the associations between the user's 
identity and the IP address assigned to the terminal, and 
between the connection ID and the assigned IP address; 
and 

a billing platform comprising a server and a database, the 
billing platform server receiving a billing signal from 
the ISP that associates the cost of the transaction with 
the connection ID, said billing platform server using 
the connection ID to retrieve from the manager data- 
base an association between the connection ID and the 
user's identity to bill an account in said server database 
associated with the user's identity for the cost of the 
transaction. 

12. The system of claim 11 wherein the transaction 
involves providing the user with an interactive service. 

13. The system of claim 11 wherein the transaction 
involves ordering and receiving an intangible good in digital 
format by the user's terminal from the ISP on the Internet. 

14. The system of claim 13 wherein the intangible good 
is software. 

15. The system of claim 11 further comprising at least one 
billing entity to which the cost of the transaction is billed to 
the user in accordance with a billing mechanism established 
by the user. 

16. The system of claim 15 wherein the billing entity is 
determined as a function of the cost of the transaction, the 
type of transaction, and the identity of the ISP. 

***** 
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